Saturday, February 18, 2012

The dangers of online event registration

You are thinking of putting on an event. You want people to be able to sign up for the event in advance. You have a few choices. You can use a direct payment system such as Google Checkout, PayPal, etc. but if you event needs additional information such as Age, Gender, T-Shirt size, etc. it is not easy to request this using the direct payment method. An alternative is to use an online event registration system that is customized for your type of event.

But here's where you should beware. Remember that your data is your data and your payment is your payment. Some online event registration systems give you little or no access to your event registrations. And even worse, these online event registration systems are usually the ones that hold on to your money. This is crazy! What kind of business prefers to be paid 30 days or 60 days after the event for items that are paid and cleared within days. I've even heard of online registration operators tell event directors that the online registration operator will "front" the event director "money". Always beware of someone "front"ing you, your own money.

Instead, say "no, thank you". I simply want to be paid when each registrant signs up.

This gets even worse. Consider this case that has been reported recently. An online registration system that does NOT disclose the registrants to the event director and HOLDS all the payments -- the worst possible case -- decides to hold the event director hostage and decides to force incredible overpriced event race timing on the event director. Now the event director could take his participants and timing business elsewhere, you would say. Yes, he could but only if the event director has access to the participant data. But of course in this case the event director does not. To top it all off, the online event registration operator threatens to refund all the participants money UNLESS the extra payment and charges for timing are accepted and paid for.

This seems like a unrealistic case, who would be so unethical and destroy their own reputation. But this is a true case.

The point is always realize that your data is your data. And your money is your money.

Do not trust some of these fly by night online registration system that hold your money and your data.

Friday, January 14, 2011

The dangers of online credit card processing.

Did you know that when you use your credit card in most stores, the seller (meaning the store) does NOT see your full credit card information. They usually see only the last four digits. Remember in the past when you handed your credit card to the checker and they would literally make a copy of your credit card information and store it. That was an enormous security risk. And we left that behind with the advent of customer access machines. It's not an accident that now you swipe your own credit card. It's not a way for the store to get you to work for them. No, it's all about credit card security. The important point to notice is that you hold the credit card all the time and the seller never sees the credit card information.

Well, we've taken an enormous step backwards in the area of online credit card processing. Imagine you are buying something online. Let's say you are signing up for a running event. The race organization usually defines the online registration system that you must use to sign up. The race organization is usually small and usually does not have much or in some cases any technical knowledge. You usually end up with whatever is sold to them or whatever everyone else is doing. This may or may not be the best choice for you in terms of your security.

Let's say a very small beginner website talks the race organization into using their site. Let's say that the very small website creates a merchant credit card account. This means that the small website can process the credit card information directly with a credit card processor. This is an alternative to the Google Checkout, PayPal, and Amazon, etc. payment processing options. This is where the security problem begins. You are passing your complete NAME, CREDIT CARD NUMBER, and CVC CODE to this beginner website. The beginner site says that it is secure because it uses SSL. But SSL is only a mechanism to help ensure that the data that the client browser passes can only be seen by the seller website server. But this does not handle the case where the seller website server is compromised. All the information is in clear text and available on the seller website server. This is a problem because multiple people and programs have access to this information.

You may say this is terrible, but what is the solution? The solution is to use payment processors such as Google Checkout, PayPal, and Amazon, etc. as the payment processors. These larger payment processors only give an tracking code to the seller and they process the credit card information securely. You should only buy from sites that give you the Google Checkout, PayPal, Amazon, etc. option. Otherwise, you are spreading your credit card information all over the web to many sellers. Not a good idea.

There will always be critics that say, "I don't want to give my credit card information to PayPal, Google, Amazon, etc." The irony is that the smaller website actually use PayPal, etc for their payment processing. So you give the credit card information to a small website with possibly questionable security and the small website gives it to PayPal and then you purchase the item. It seems to be common sense that you should reduce the number of eyes and programs that can see your credit card information.